Why a Well-Designed Disaster Recovery and Business Continuity Plan is Essential For Your Business
No one wants to think about disasters but they do happen, far more often than expected. IT risks to your business include hardware and software failure, human error, spam, viruses and malicious attacks, as well as natural disasters such as fires, cyclones or floods.
According to a survey conducted by the Disaster Recovery Preparedness Council (DRPC) in 2014, nearly three out of four companies are failing in their disaster readiness. This is an alarming number given how unpredictable the nature of disaster is. More than a third of organisations surveyed lost one or more critical applications, virtual machines or important data files at some point in time last year. Nearly one in five companies lost one or more critical applications over several days.
Can your business afford to take such a big hit?
Experts estimate the cost of losing critical applications at more than $5,000 per minute, with some companies reporting even higher figures. Aside from the financial cost, outages also consume valuable staff time and damage business reputation.
Behind such an enormous loss is the lack of disaster recovery planning, testing and resources. Companies did not have a fully documented DR plan or their plan was not designed to respond to the worst-case scenario. Some organisations reported testing their DR plans once or twice a year, with others admitting to not having tested their plans at all.
How do you improve your DR preparedness?
Plan ahead and implement a very detailed DR plan. Think of questions like: what happens if one server goes down? What if all servers crash? Is all of the critical hardware in your server room covered by an on-site hardware warranty?
Daniel Johns, Head of Professional Services at ASI Solutions, believes the two most important things that organisations need to look at to improve their DR preparedness are the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). The RPO represents the maximum period of time over which data can be lost due to a major incident. For example, if there were a major incident at 5pm, and the last backup was at 11pm the previous night, could the business absorb the impact of losing a full day’s worth of data? The RTO represents the amount of time that a business can tolerate to bring any service back online following a major incident. If a server were to fail, what is the maximum amount of time the organisation can tolerate that server or service being offline?
Identify risks to your IT systems and data so that you can reduce or manage those risks and develop a response plan in the event of a crisis. An IT Risk Assessment will identify current risks, check the security of your data and review operational procedures surrounding the IT systems supporting the business. You can manage IT risks by completing a business risk assessment. Having a business continuity plan can help your business recover from an IT incident. The assessment will audit various equipment, including the server room, data centre, servers, routers, desktops, laptops, networks (including wireless), firewalls, applications and so on.
Understand the environment you are trying to protect. Make adjustments, repeat tests and update your plan as the environment changes. Your plan must include everything you will need to recover: all applications, networks, documents, services, processing systems and so on. Specify the RTO for critical applications.
Develop a set of User Acceptance Tests (UAT) that should be confirmed as working during the course of the DR testing. The UAT is simply a list of the functions that any part of the business needs to operate. Start by listing the line-of-business applications, and consult with department heads to get their input on what IT functions are critical for their department to run.
Test the critical applications more frequently to see if recovery can be done within RTOs. Automating such processes would be beneficial in the long run, saving you time and money. Johns highlighted that “the biggest mistake companies make in terms of DR preparedness is not testing the DR plan in its entirety.” Ensure you test the recovery of your backups. What is the use of a backup if you can’t recover it? When disaster strikes, you don’t want to be left with half of your systems running. The backup and disaster recovery plan should integrate with the business’s overall IT environment to create solid business continuity.
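The RPO and RTO checks described above can be automated. The following is an added example, not code from ASI Solutions or the original article: it flags services whose last backup would exceed the RPO at the time of an incident, whose measured restore time exceeds the RTO, or whose backups have never been restore-tested. The service names, targets and dates are constructed; the 5pm incident and 11pm backup follow the article's scenario.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Service:
    name: str
    rpo: timedelta                      # maximum tolerable window of lost data
    rto: timedelta                      # maximum tolerable time offline
    last_backup: datetime               # last backup known to have completed
    restore_drill: Optional[timedelta]  # measured restore time; None = never tested


def assess(svc: Service, incident: datetime) -> list:
    """Return the DR findings for one service if an incident hit at `incident`."""
    findings = []
    data_lost = incident - svc.last_backup
    if data_lost > svc.rpo:
        findings.append(f"RPO breach: {data_lost} of data lost, target {svc.rpo}")
    if svc.restore_drill is None:
        # A backup that has never been restored says nothing about the RTO.
        findings.append("RTO unverified: backup has never been restored in a test")
    elif svc.restore_drill > svc.rto:
        findings.append(f"RTO breach: restore took {svc.restore_drill}, target {svc.rto}")
    return findings


def report(services, incident):
    """Map each service name to its findings; an empty list means targets are met."""
    return {s.name: assess(s, incident) for s in services}


# Constructed inventory (hypothetical names and targets). Incident at 5pm,
# last backup at 11pm the previous night, as in the article's scenario.
INCIDENT = datetime(2024, 3, 12, 17, 0)
NIGHTLY = datetime(2024, 3, 11, 23, 0)
H = lambda n: timedelta(hours=n)
INVENTORY = [
    Service("finance-db", H(4), H(2), NIGHTLY, H(3)),
    Service("file-share", H(24), H(8), NIGHTLY, None),
    Service("intranet", H(24), H(8), NIGHTLY, H(1)),
]

if __name__ == "__main__":
    for name, findings in report(INVENTORY, INCIDENT).items():
        print(name, "OK" if not findings else findings)
```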
Find a good specialist that can provide a template security policy, or tailor the risk assessment to suit the existing security policies.
Part of ASI Solutions’ vulnerability assessment is testing your IT environment’s resilience to security threats. The on-site audit component is an inspection of the physical installation of equipment and cabling, together with the opportunity to capture any specific concerns or requirements.
“While the DR plan may look complete on paper, by actually executing it, any areas that may not have been considered will be uncovered and additional detail added to it. You will then have 100% confidence that your plan will actually work. We always recommend that budget be allocated to test your DR plan on a yearly basis,” Johns said.
The key to a successful testing cycle is a repeatable process. The ASI engineering team maintains strict internal process standards to ensure that risk assessments are sensible and repeatable, and provide the correct information for the client’s needs. The engineering team can tailor individual test types to specific services and infrastructure needs for your business.